FBI warns Microsoft 365 users about new scam – here’s everything you need to know


The Federal Bureau of Investigation (FBI) has issued an urgent warning about a rapidly spreading phishing scam that can hijack Microsoft 365 accounts.

The scam, known as Kali365, is a phishing-as-a-service platform that lets cybercriminals capture OAuth tokens: the digital keys that grant an application access to a user's account and data.

With a captured token in hand, attackers can use Outlook, Teams, and OneDrive as if they were the genuine user.

How the Kali365 scam works

Victims receive a phishing email disguised as coming from a trusted cloud service. The email contains a device code and directs the user to a genuine Microsoft verification page to enter it. Because the page really is Microsoft's, the address bar and certificate look legitimate; the only tell is that the code arrived from someone else.

Once the code is entered and verification completes, the user has unknowingly authorized the attacker's device, the one that requested the code in the first place, to access their account.
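The exchange described above is the standard OAuth 2.0 device authorization grant (RFC 8628), and the reason the lure works is visible once the three steps are written out: the secret device code never leaves the attacker's client, the short user code is the only thing the victim sees, and the identity provider cannot tell who started the request. The following offline simulation is an added example, not code from the article or from Kali365; the identity provider, the client identifier, the verification URL and the account names are all constructed stand-ins.

```python
"""Offline simulation of the OAuth 2.0 device authorization grant (RFC 8628)
as used in the Kali365 lure. Every party (identity provider, attacker's client,
victim) is an in-process stand-in; no real Microsoft endpoints are contacted."""
import secrets
import time


class IdentityProvider:
    """Stand-in for the IdP's device-code, verification and token endpoints."""

    def __init__(self, lifetime_seconds=900):
        self.lifetime = lifetime_seconds
        self._pending = {}  # device_code -> authorization record

    def device_authorization(self, client_id, scope):
        """Step 1: the *client* (here, the attacker) asks for a code pair."""
        device_code = secrets.token_urlsafe(32)  # secret; stays with the client
        # Short code a human can type. Format is constructed, not Microsoft's.
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))
        self._pending[device_code] = {
            "client_id": client_id, "scope": scope, "user_code": user_code,
            "expires_at": time.time() + self.lifetime, "authorized_by": None,
        }
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://idp.example/devicelogin",  # constructed
                "expires_in": self.lifetime, "interval": 5}

    def user_verification(self, user_code, signed_in_user):
        """Step 2: a signed-in human types the user code on the genuine page.
        The IdP only matches the code to a pending request; it has no way to
        know that the request was started by someone other than this user."""
        for record in self._pending.values():
            if record["user_code"] == user_code and time.time() < record["expires_at"]:
                record["authorized_by"] = signed_in_user
                return "authorized"
        return "invalid_code"

    def token(self, device_code, client_id):
        """Step 3: the client polls; once the code is authorized it receives a
        token for whichever account authorized it."""
        record = self._pending.get(device_code)
        if record is None or record["client_id"] != client_id:
            return {"error": "invalid_grant"}
        if time.time() >= record["expires_at"]:
            return {"error": "expired_token"}
        if record["authorized_by"] is None:
            return {"error": "authorization_pending"}
        return {"access_token": "tok-" + secrets.token_hex(8), "token_type": "Bearer",
                "scope": record["scope"], "subject": record["authorized_by"]}


def device_code_phish(idp, victim, victim_enters_code=True):
    """Replays the lure: the attacker starts the flow, mails the user code,
    and polls while the victim (maybe) enters it on the real page.
    Returns (first poll result, final poll result)."""
    attacker_client = "attacker-client"  # constructed identifier
    start = idp.device_authorization(attacker_client, "Mail.Read Files.Read")
    first = idp.token(start["device_code"], attacker_client)  # nothing yet
    if victim_enters_code:
        # The email carries start["user_code"]; the victim types it on the genuine page.
        idp.user_verification(start["user_code"], victim)
    final = idp.token(start["device_code"], attacker_client)
    return first, final


if __name__ == "__main__":
    first, final = device_code_phish(IdentityProvider(), "victim@contoso.example")
    print(first)  # {'error': 'authorization_pending'}
    print(final)  # token whose subject is the victim, held by the attacker's client
```

The point to notice is that `user_verification` is given only the code and the account that happens to be signed in; nothing in the protocol binds the code to the person the client intended, so whoever types it authorizes the client that requested it. The expiry check also explains why these lures press for urgency: the code is worthless once the window closes.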

Kali365 is sold on a subscription basis starting at $250 per month. Subscribers get AI-generated phishing emails, automated templates for running campaigns, and dashboards that track victims in real time.

Since April, security researchers have reported thousands of Kali365 attacks against organizations in North America and Europe, in sectors including manufacturing, healthcare, finance, and government.

The FBI suggests that organizations use Conditional Access policies in Microsoft Entra ID to block the device code flow wherever it is not needed.
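Before and after blocking the flow, a defender will want to know which accounts are actually signing in with device codes, since a few legitimate uses (command-line tools on headless machines) usually exist alongside the phishing. The hunt below is an added example, not from the article or the FBI notice. It reads records shaped like the Microsoft Graph signIn resource (the `authenticationProtocol`, `userPrincipalName`, `ipAddress`, `appDisplayName`, `conditionalAccessStatus` and `createdDateTime` fields), but the records themselves are constructed for the example, and the severity rule is the author's own heuristic rather than a Microsoft detection.

```python
"""Hunt for device-code sign-ins in Microsoft Entra sign-in log records.
Field names follow the Microsoft Graph signIn resource; the records below are
constructed for this example and do not come from a real tenant."""
from collections import defaultdict

SAMPLE_SIGN_INS = [  # constructed sample, documentation IP ranges only
    {"createdDateTime": "2025-06-02T08:01:10Z", "userPrincipalName": "alice@contoso.example",
     "ipAddress": "203.0.113.10", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "oAuth2", "conditionalAccessStatus": "success"},
    {"createdDateTime": "2025-06-02T09:14:52Z", "userPrincipalName": "alice@contoso.example",
     "ipAddress": "198.51.100.77", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "conditionalAccessStatus": "success"},
    {"createdDateTime": "2025-06-02T07:30:00Z", "userPrincipalName": "bob@contoso.example",
     "ipAddress": "203.0.113.22", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "oAuth2", "conditionalAccessStatus": "success"},
    {"createdDateTime": "2025-06-02T07:45:00Z", "userPrincipalName": "bob@contoso.example",
     "ipAddress": "203.0.113.22", "appDisplayName": "Microsoft Azure CLI",
     "authenticationProtocol": "deviceCode", "conditionalAccessStatus": "success"},
    {"createdDateTime": "2025-06-02T10:02:31Z", "userPrincipalName": "carol@contoso.example",
     "ipAddress": "198.51.100.80", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "conditionalAccessStatus": "failure"},
]


def find_device_code_signins(records):
    """Return one finding per device-code sign-in, oldest first.

    Heuristic (author's own): severity is 'high' when the device-code sign-in
    came from an address the user has never used for an ordinary,
    non-device-code sign-in in the same record set, otherwise 'medium'.
    A Conditional Access block shows up as conditionalAccessStatus != 'success'
    and is reported as well, because a blocked attempt still means the user
    typed an attacker's code."""
    baseline_ips = defaultdict(set)  # user -> addresses seen on ordinary sign-ins
    for r in records:
        if r["authenticationProtocol"] != "deviceCode":
            baseline_ips[r["userPrincipalName"]].add(r["ipAddress"])

    findings = []
    for r in sorted(records, key=lambda x: x["createdDateTime"]):
        if r["authenticationProtocol"] != "deviceCode":
            continue
        user, ip = r["userPrincipalName"], r["ipAddress"]
        new_ip = ip not in baseline_ips[user]
        findings.append({
            "time": r["createdDateTime"],
            "user": user,
            "ip": ip,
            "app": r["appDisplayName"],
            "blocked": r["conditionalAccessStatus"] != "success",
            "severity": "high" if new_ip else "medium",
            "reason": ("device code flow from an address with no ordinary sign-ins for this user"
                       if new_ip else "device code flow from an address the user already signs in from"),
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(SAMPLE_SIGN_INS):
        print(f["severity"], f["time"], f["user"], f["ip"], f["app"],
              "blocked" if f["blocked"] else "allowed", "-", f["reason"])
```

Run against the sample, the Azure CLI sign-in from Bob's usual address comes out medium (a plausible admin on a headless host), Alice's Office sign-in from an unfamiliar address comes out high, and Carol's attempt is high and marked blocked, which is what a Conditional Access policy that denies the device code flow would leave in the log. Feeding real sign-in exports through the same function is a quick way to inventory legitimate device-code users before turning such a policy on.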

Experts also recommend phishing-resistant MFA, such as hardware security keys. One caveat worth keeping in mind: in device code phishing the victim signs in on Microsoft's genuine page, so the MFA step completes normally and the attacker's device is authorized anyway. Strong MFA shuts down password-harvesting variants of the lure, but blocking the device code flow is what stops this one.

Officials urge individual users never to click links or enter codes from unsolicited emails.
